﻿<%
Public Function SafeRequest(ByRef key, ByVal t)
    ' Read the request parameter named `key`, screen it, and return it.
    '
    ' Parameters:
    '   key - name of the request parameter (string).
    '   t   - expected type (number): 1 means the value must be numeric;
    '         any other value means the value is handled as text.
    '
    ' Numeric mode (t = 1): an empty or non-numeric value writes an error
    ' message and ends the response; otherwise the value is returned as read.
    ' Text mode: the value is passed to CheckString for "select", "update"
    ' and "delete", then ' is doubled and > / < are replaced by entities.
    '
    ' Security notes for callers:
    '  - Request(key) is the unqualified lookup, so the value is not tied to
    '    one collection (query string, form, cookie, ...).
    '  - The keyword screen is a case-insensitive substring blacklist. It
    '    also rejects ordinary text containing those words and covers only
    '    three keywords. Treat it as a coarse filter; use parameterized
    '    queries (ADODB.Command) at the point where SQL is built.
    '  - IsNumeric accepts more than plain digits (exponent notation, for
    '    example). Convert the result with CLng/CDbl before placing it in SQL.
    '  - Only < and > are entity-encoded. Encode with Server.HTMLEncode at
    '    the point of output rather than relying on this function.

    Dim value, keyword
    value = Request(key)

    If t = 1 Then
        If value = vbNullString Or Not IsNumeric(value) Then
            Response.Write("参数 [" & key & "] 必须为数字型！")
            Response.End()
        End If
        SafeRequest = value
        Exit Function
    End If

    ' Text mode: reject the blacklisted keywords first, then escape.
    For Each keyword In Array("select", "update", "delete")
        CheckString value, keyword
    Next

    ' Same order as before: quote doubling, then ">", then "<".
    value = Replace(Replace(Replace(value, "'", "''"), ">", "&gt;"), "<", "&lt;")
    SafeRequest = value
End Function

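Public Function GetSafeRequest(ByRef key, ByVal t, ByRef defaultValue)
    ' Return the screened request parameter `key`, or `defaultValue` when the
    ' parameter is missing or empty.
    '
    ' Parameters:
    '   key          - name of the request parameter.
    '   t            - 1 for numeric, anything else for text (see SafeRequest).
    '   defaultValue - value returned when the parameter is empty. It is
    '                  returned as given, without screening, so it must be a
    '                  trusted constant supplied by the calling page.
    '
    ' The emptiness check is done here, before SafeRequest is called.
    ' SafeRequest ends the response for an empty value when t = 1, which made
    ' the default unreachable for numeric parameters. A non-empty value still
    ' goes through SafeRequest, so malformed input is rejected as before.
    Dim raw
    raw = Request(key)
    If raw = vbNullString Then
        GetSafeRequest = defaultValue
    Else
        GetSafeRequest = SafeRequest(key, t)
    End If
End Function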

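Private Sub CheckString(ByRef text, ByRef subString)
    ' End the response with an error message when `text` contains
    ' `subString`. The match is a case-insensitive substring search
    ' (vbTextCompare), so it also fires on ordinary words that contain
    ' the keyword.
    '
    ' Parameters:
    '   text      - value to inspect (SafeRequest passes the raw request value).
    '   subString - keyword that must not appear in `text`.
    If InStr(1, text, subString, vbTextCompare) <> 0 Then
        ' The rejected value is request data. HTML-encode it before echoing
        ' so the browser does not interpret markup in the error page.
        Response.Write("参数 [" & Server.HTMLEncode(text) & "] 包含非法字符！")
        Response.End()
    End If
End Sub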


'http://msdn.microsoft.com/en-us/library/27ydhh0d(v=VS.80).aspx
Public Function IIf(ByVal Expression, ByVal TruePart, ByVal FalsePart)
    ' Inline conditional: return TruePart when Expression is true,
    ' otherwise FalsePart.
    '
    ' Both TruePart and FalsePart are ordinary arguments, so the caller
    ' evaluates both before the call regardless of Expression.
    If Expression Then IIf = TruePart Else IIf = FalsePart
End Function


Public Function GetBeijingTime(ByVal LOCAL_TIME)
    ' Return LOCAL_TIME adjusted for display.
    '
    ' Values that are not dates are returned unchanged. Dates earlier than
    ' 2008-04-09 18:28:00 are shifted forward by 15 hours; later dates are
    ' returned unchanged.
    ' NOTE(review): presumably timestamps before the cutoff were stored in a
    ' different time zone - confirm against the data.
    GetBeijingTime = LOCAL_TIME
    If Not IsDate(LOCAL_TIME) Then Exit Function

    If CDate(LOCAL_TIME) < CDate("2008-04-09 18:28:00") Then
        GetBeijingTime = DateAdd("h", 15, LOCAL_TIME)
    End If
End Function

Public Function GetBeijingDate(ByVal LOCAL_TIME)
    ' Convert LOCAL_TIME to a Date value with CDate and return it.
    '
    ' Despite the name, no hour offset is applied. An earlier expression that
    ' added 16 hours and rebuilt a year-month-day string was already disabled.
    ' CDate raises a run-time error when the argument is not a valid date.
    Dim converted
    converted = CDate(LOCAL_TIME)
    GetBeijingDate = converted
End Function

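Public Function GetPayMethod(ByVal Paymethod_id)
    ' Look up the display name of a payment method by its id.
    '
    ' Parameters:
    '   Paymethod_id - id of the row in pay_method. It is placed unquoted in
    '                  the WHERE clause, so it is handled as a number here.
    ' Returns:
    '   method_name of the matching row, or "不详" when the id is not numeric
    '   or no row matches.
    '
    ' `conn` is not defined in this function.
    ' NOTE(review): assumed to be an open ADODB connection - confirm.
    Dim sql_tmp, rs_tmp, method_id

    GetPayMethod = "不详"

    ' The id is concatenated into the SQL text, so only a value that converts
    ' to an integer may reach the query. Anything else gets the fallback.
    ' CLng rounds fractional input and raises a run-time error on overflow.
    ' NOTE(review): an ADODB.Command with a typed parameter is the preferred
    ' long-term form once the column type is confirmed.
    If Not IsNumeric(Paymethod_id) Then Exit Function
    method_id = CLng(Paymethod_id)

    sql_tmp = "select method_name from pay_method where method_id=" & method_id
    Set rs_tmp = conn.execute(sql_tmp)
    If Not rs_tmp.eof Then
        GetPayMethod = rs_tmp("method_name")
    End If

    ' Close the recordset before dropping the reference.
    rs_tmp.Close
    Set rs_tmp = Nothing
End Function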


%>